CVE-2015-7987 — CRITICAL (9.8)

Q: How severe is CVE-2015-7987?

CVE-2015-7987 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2015-7987?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Iphone Os, Apple Mac Os X, Apple Watchos, Apple Airport Base Station Firmware, Apple Airport Base Station.

Vulnerability Description

Multiple buffer overflows in mDNSResponder before 625.41.2 allow remote attackers to read or write to out-of-bounds memory locations via vectors involving the (1) GetValueForIPv4Addr, (2) GetValueForMACAddr, (3) rfc3110_import, or (4) CopyNSEC3ResourceRecord function.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Apple	Iphone Os	>= 9.0, < 9.1
Apple	Mac Os X	>= 10.9, < 10.9.5
Apple	Watchos	< 2.1
Apple	Airport Base Station Firmware	>= 7.6, < 7.6.7
Apple	Airport Base Station	All versions
Apple	Mdnsresponder	< 625.41.2

Related Weaknesses (CWE)

CWE-119

References

http://www.kb.cert.org/vuls/id/143335Third Party AdvisoryUS Government Resource
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.htmlThird Party Advisory
http://www.securityfocus.com/bid/91323Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1036181Third Party AdvisoryVDB Entry
https://support.apple.com/HT206846Vendor Advisory
http://www.kb.cert.org/vuls/id/143335Third Party AdvisoryUS Government Resource
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.htmlThird Party Advisory
http://www.securityfocus.com/bid/91323Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1036181Third Party AdvisoryVDB Entry
https://support.apple.com/HT206846Vendor Advisory

FAQ

What is CVE-2015-7987?

CVE-2015-7987 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Multiple buffer overflows in mDNSResponder before 625.41.2 allow remote attackers to read or write to out-of-bounds memory locations via vectors involving the (1) GetValueForIPv4Addr, (2) GetValueForM...

How severe is CVE-2015-7987?

CVE-2015-7987 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2015-7987?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Iphone Os, Apple Mac Os X, Apple Watchos, Apple Airport Base Station Firmware, Apple Airport Base Station.